Mastering Mobile Forensics

Book Description

Develop the capacity to dig deeper into mobile device data acquisition

About This Book

  • A mastering guide to help you overcome the roadblocks you face when dealing with mobile forensics

  • Excel at the art of extracting data, recovering deleted data, bypassing screen locks, and much more

  • Get best practices on how to collect and analyze mobile device data and accurately document your investigations

Who This Book Is For

The book is for mobile forensics professionals who have experience in handling forensic tools and methods. This book is designed for skilled digital forensic examiners, mobile forensic investigators, and law enforcement officers.

What You Will Learn

  • Understand the mobile forensics process model and get guidelines on mobile device forensics

  • Acquire in-depth knowledge about smartphone acquisition and acquisition methods

  • Gain a solid understanding of the architecture of operating systems, file formats, and mobile phone internal memory

  • Explore the topics of mobile security, data leaks, and evidence recovery

  • Dive into advanced topics such as GPS analysis, file carving, encryption, encoding, unpacking, and decompiling mobile application processes

In Detail

Mobile forensics presents a real challenge to the forensic community due to the fast and unstoppable changes in technology. This book aims to give the forensic community an in-depth insight into mobile forensic techniques for dealing with recent smartphone operating systems.

Starting with a brief overview of forensic strategies and investigation procedures, you will understand the concepts of file carving, GPS analysis, and string analysis. You will also see the difference between encryption, encoding, and hashing methods and get to grips with the fundamentals of reverse code engineering. Next, the book will walk you through the iOS, Android, and Windows Phone architectures and filesystems, followed by various forensic approaches and data gathering techniques.

You will also explore advanced forensic techniques and find out how to deal with third-party applications using case studies. The book will help you master data acquisition on Windows Phone 8. By the end of this book, you will be acquainted with best practices and the different models used in mobile forensics.

Style and approach

The book is a comprehensive guide that will help the IT forensics community go deeper into the investigation process and the takeover of mobile devices.

Downloading the example code for this book: you can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code files sent to you.

Table of Contents

    1. Mastering Mobile Forensics
      1. Table of Contents
      2. Mastering Mobile Forensics
      3. Credits
      4. About the Author
      5. About the Reviewer
      6. www.PacktPub.com
        1. eBooks, discount offers, and more
          1. Why subscribe?
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the color images of this book
          2. Errata
          3. Piracy
          4. Questions
      8. 1. Mobile Forensics and the Investigation Process Model
        1. Why mobile forensics?
        2. Smartphone forensics models
          1. Computer Forensic Investigation Process
          2. Digital Forensic Research Workshop
          3. Abstract Digital Forensics Model
          4. Integrated Digital Investigation Process
          5. End-to-end digital investigation process
          6. Systemic Digital Forensic Investigation
        3. Smartphone forensics challenges
          1. Operating systems' variety and changeability
          2. Important hardware variations
          3. Different filesystems
          4. Built-in security
          5. Encrypted data wiping
          6. Data volatility
          7. The cloud
        4. Summary
      9. 2. Do It Yourself – Low-Level Techniques
        1. Getting acquainted with file carving
          1. Carving the JPEG format
          2. Carving the ZIP format
        2. Extracting metadata – GPS analysis
        3. String dump and analysis
        4. Encryption versus encoding versus hashing
          1. Encryption
            1. Symmetric key encryption
            2. Public key encryption
          2. Encoding
            1. ASCII and UNICODE/UTF-8
            2. URL encoding
          3. Hashing
        5. Decompiling and disassembling
        6. Summary
      10. 3. iDevices from a Forensic Point of View
        1. The iOS architecture
        2. The iOS filesystem
        3. iOS platform and hardware security
        4. Identifying stored data
        5. iOS acquisition and forensic approaches
          1. iOS boot process and operating modes
          2. Unique device identifier
          3. Lockdown certificate
          4. iOS acquisition
            1. Normal/direct acquisition
            2. Logical acquisition
            3. Physical acquisition
              1. Jailbreaking iOS 9
              2. Physical acquisition with Elcomsoft iOS Forensic Toolkit
          5. iOS artifacts recovery – evidence gathering and data recovery
            1. Artifact recovery using iPhone Analyzer
            2. Artifact recovery using MOBILedit! Forensic
        6. It's going biometric!
        7. Third-party applications
        8. Summary
      11. 4. Android Forensics
        1. Android OS – all you need to know
        2. Android security model
          1. Full disk encryption
            1. KeyChain and KeyStore
          2. Application security
            1. Application sandboxing and permissions
            2. Security Enhanced Linux – SELinux
            3. Application signing
        3. Bypassing security
          1. Bootloader/recovery mode
          2. Rooting an Android device
          3. Cracking a lock pattern
          4. Cracking a PIN/password
        4. Android logical data acquisition
          1. Logical data acquisition using ADB
          2. Logical data acquisition using AFLogical OSE
        5. Android physical data acquisition
          1. Analyzing the acquired image using Autopsy
        6. JTAG and chip-off forensic examinations
        7. Third-party applications and a real case study
        8. Summary
      12. 5. Windows Phone 8 Forensics
        1. Windows Phone 7 versus Windows Phone 8
        2. Windows Phone 8 internals
          1. Partitions and the filesystem
            1. MainOS volume
            2. User Data volume
            3. Removable User Data
          2. Application data storage
        3. Windows phone 8 security models
          1. Windows Phone 8 Secure Boot
          2. Windows Phone 8 application security
          3. Windows Phone data protection
            1. Device access and security policies
            2. BitLocker and hardware encryption
        4. Windows Phone logical acquisition
          1. Windows Phone logical acquisition using MOBILedit! Forensic 8.2
          2. Windows Phone logical acquisition using Oxygen Forensic Suite 2014
          3. Sideloading contacts and appointments acquisition agent
          4. WP Logical implementation
          5. Windows Phone cloud acquisition
            1. Cloud acquisition using Elcomsoft Phone Breaker
            2. Cloud acquisition using Passware Password Recovery Kit Forensic
        5. JTAG and physical acquisition
        6. Artifact location and user PIN study
        7. Summary
      13. 6. Mobile Forensics – Best Practices
        1. Presenting a mobile forensics process
        2. Mobile device identification
          1. Physical characteristics
          2. Device info
          3. Service provider
        3. Summary
      14. A. Preparing a Mobile Forensic Workstation
      15. Index